Dark Reading

'Ardilla' Automatically Roots Out SQL Injection And XSS, Generates Attacks

Researchers have built a tool that automatically finds and exploits SQL injection and cross-site scripting vulnerabilities in Web applications. The so-called Ardilla tool uses a technique developed by ...
Bleeping Computer

Zimbra patches zero-day vulnerability exploited in XSS attacks

Two weeks after the initial disclosure, Zimbra has released security updates that patch a zero-day vulnerability exploited in attacks targeting Zimbra Collaboration Suite (ZCS) email servers. Now ...
Threat Post

Canopy Parental Control App Wide Open to Unpatched XSS Bugs

The possible cyberattacks include disabling monitoring, location-tracking of children and malicious redirects of parent-console users. Canopy, a parental control app that offers a range of features ...
Threat Post

Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE

A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts — with no patches in sight. An unpatched stored cross-site-scripting (XSS) ...